shotgun/serve/session.go

package serve

import (
	"context"
	"net/http"
	"time"

	"git.sunturtle.xyz/studio/shotgun/player"
)

type ctxKey[T any] struct{}

func value[T any](ctx context.Context) T {
	r, _ := ctx.Value(ctxKey[T]{}).(T)
	return r
}

func with[T any](ctx context.Context, v T) context.Context {
	return context.WithValue(ctx, ctxKey[T]{}, v)
}

const sessionCookie = "__Host-id-v1"

// SetSession sets a cookie carrying a session token on a response.
func SetSession(w http.ResponseWriter, s player.Session) {
	http.SetCookie(w, &http.Cookie{
		Name:     sessionCookie,
		Value:    s.String(),
		Path:     "/",
		Expires:  time.Now().Add(365 * 24 * time.Hour),
		Secure:   true,
		HttpOnly: true,
		SameSite: http.SameSiteLaxMode,
	})
}

// RemoveSession clears the session token cookie on a response.
func RemoveSession(w http.ResponseWriter) {
	http.SetCookie(w, &http.Cookie{
		Name:     sessionCookie,
		Value:    "",
		Path:     "/",
		Expires:  time.Unix(0, 0),
		Secure:   true,
		HttpOnly: true,
		SameSite: http.SameSiteLaxMode,
	})
}

// WithSession is a middleware that adds a player ID and session to the request
// context based on the session cookie content. If there is no such cookie, or
// its value is invalid, the request fails with a 401 error.
func WithSession(sessions player.RowQuerier) func(http.Handler) http.Handler {
	return func(next http.Handler) http.Handler {
		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
			c, err := r.Cookie(sessionCookie)
			if err != nil {
				http.Error(w, "unauthorized", http.StatusUnauthorized)
				return
			}
			id, err := player.ParseSession(c.Value)
			if err != nil {
				http.Error(w, "unauthorized", http.StatusUnauthorized)
				return
			}
			p, err := player.FromSession(r.Context(), sessions, id, time.Now())
			if err != nil {
				http.Error(w, "unauthorized", http.StatusUnauthorized)
				return
			}
			ctx := with(with(r.Context(), id), p)
			next.ServeHTTP(w, r.WithContext(ctx))
		})
	}
}

// ReqPlayer returns the session ID set by WithSession in the request context.
func ReqPlayer(ctx context.Context) player.ID {
	return value[player.ID](ctx)
}

// ReqSession returns the session ID set by WithSession in the request context.
func ReqSession(ctx context.Context) player.Session {
	return value[player.Session](ctx)
}
get player ids from sessions, not ips 2024-02-01 09:26:27 -05:00			`package serve`

			`import (`
			`"context"`
			`"net/http"`
			`"time"`

			`"git.sunturtle.xyz/studio/shotgun/player"`
			`)`

			`type ctxKey[T any] struct{}`

			`func value[T any](ctx context.Context) T {`
			`r, _ := ctx.Value(ctxKey[T]{}).(T)`
			`return r`
			`}`

			`func with[T any](ctx context.Context, v T) context.Context {`
			`return context.WithValue(ctx, ctxKey[T]{}, v)`
			`}`

			`const sessionCookie = "__Host-id-v1"`

add login handler 2024-02-01 21:40:59 -05:00			`// SetSession sets a cookie carrying a session token on a response.`
			`func SetSession(w http.ResponseWriter, s player.Session) {`
			`http.SetCookie(w, &http.Cookie{`
			`Name: sessionCookie,`
			`Value: s.String(),`
			`Path: "/",`
			`Expires: time.Now().Add(365 * 24 * time.Hour),`
			`Secure: true,`
			`HttpOnly: true,`
			`SameSite: http.SameSiteLaxMode,`
			`})`
			`}`

add logout button 2024-02-02 18:30:35 -05:00			`// RemoveSession clears the session token cookie on a response.`
			`func RemoveSession(w http.ResponseWriter) {`
			`http.SetCookie(w, &http.Cookie{`
			`Name: sessionCookie,`
			`Value: "",`
			`Path: "/",`
			`Expires: time.Unix(0, 0),`
			`Secure: true,`
			`HttpOnly: true,`
			`SameSite: http.SameSiteLaxMode,`
			`})`
			`}`

			`// WithSession is a middleware that adds a player ID and session to the request`
			`// context based on the session cookie content. If there is no such cookie, or`
			`// its value is invalid, the request fails with a 401 error.`
fix player/session id distinction and add /user/me api endpoint 2024-02-01 22:38:44 -05:00			`func WithSession(sessions player.RowQuerier) func(http.Handler) http.Handler {`
get player ids from sessions, not ips 2024-02-01 09:26:27 -05:00			`return func(next http.Handler) http.Handler {`
			`return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {`
			`c, err := r.Cookie(sessionCookie)`
			`if err != nil {`
fix player/session id distinction and add /user/me api endpoint 2024-02-01 22:38:44 -05:00			`http.Error(w, "unauthorized", http.StatusUnauthorized)`
get player ids from sessions, not ips 2024-02-01 09:26:27 -05:00			`return`
			`}`
			`id, err := player.ParseSession(c.Value)`
			`if err != nil {`
fix player/session id distinction and add /user/me api endpoint 2024-02-01 22:38:44 -05:00			`http.Error(w, "unauthorized", http.StatusUnauthorized)`
get player ids from sessions, not ips 2024-02-01 09:26:27 -05:00			`return`
			`}`
			`p, err := player.FromSession(r.Context(), sessions, id, time.Now())`
			`if err != nil {`
fix player/session id distinction and add /user/me api endpoint 2024-02-01 22:38:44 -05:00			`http.Error(w, "unauthorized", http.StatusUnauthorized)`
get player ids from sessions, not ips 2024-02-01 09:26:27 -05:00			`return`
			`}`
add logout button 2024-02-02 18:30:35 -05:00			`ctx := with(with(r.Context(), id), p)`
get player ids from sessions, not ips 2024-02-01 09:26:27 -05:00			`next.ServeHTTP(w, r.WithContext(ctx))`
			`})`
			`}`
			`}`

get player id with middleware, not session 2024-02-02 14:03:05 -05:00			`// ReqPlayer returns the session ID set by WithSession in the request context.`
			`func ReqPlayer(ctx context.Context) player.ID {`
			`return value[player.ID](ctx)`
get player ids from sessions, not ips 2024-02-01 09:26:27 -05:00			`}`
add logout button 2024-02-02 18:30:35 -05:00
			`// ReqSession returns the session ID set by WithSession in the request context.`
			`func ReqSession(ctx context.Context) player.Session {`
			`return value[player.Session](ctx)`
			`}`